Readme
tsse
⏱ Constant time string/buffer equals.
Coded with ❤️ by Simone Primarosa.
Synopsis
tsse is a string comparison algorithm to prevent Node.js timing attacks.
This differs from crypto.timingSafeEqual because it:
- supports both strings and Buffers;
- supports inputs of different lengths.
Install
$ npm install --save tsse
Usage
const tsse = require('tsse');
const hash = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';
if (tsse(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}
// => bad hash
API
tsse(hiddenStr, inputStr) ⇒ boolean
Does a constant-time String comparison.
NOTE: When hiddenStr and inputStr have different lengths, hiddenStr is compared to itself, which makes the comparison non-commutative (time-wise).
Kind: global function
Returns: boolean - true if equals, false otherwise.
Access: public
| Param | Type | Description |
|---|---|---|
| hiddenStr | string \| Buffer | A string that you don't want to leak. |
| inputStr | string \| Buffer | Another string. |
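The behaviour described in the NOTE above can be sketched on top of crypto.timingSafeEqual. This is an added example, not the tsse source; the names constantTimeEquals and toBuffer are hypothetical and the sample values are constructed.

```javascript
const { timingSafeEqual } = require('crypto');

// Normalise a string or Buffer to a Buffer; strings are encoded as UTF-8.
function toBuffer(value, name) {
  if (Buffer.isBuffer(value)) return value;
  if (typeof value === 'string') return Buffer.from(value, 'utf8');
  throw new TypeError(`${name} must be a string or a Buffer`);
}

// Hypothetical helper: same argument order as tsse(hiddenStr, inputStr).
function constantTimeEquals(hiddenStr, inputStr) {
  const hidden = toBuffer(hiddenStr, 'hiddenStr');
  const input = toBuffer(inputStr, 'inputStr');

  // crypto.timingSafeEqual throws when byte lengths differ, so check the
  // byte lengths, not the string lengths ('é' is 1 character, 2 bytes).
  if (hidden.length !== input.length) {
    // Compare the hidden value with itself so the comparison cost follows
    // the hidden value's length, then report a mismatch.
    timingSafeEqual(hidden, hidden);
    return false;
  }
  // Equal byte lengths: the comparison time does not depend on where
  // the first differing byte is.
  return timingSafeEqual(hidden, input);
}

// Constructed sample inputs covering the cases listed in the Synopsis.
function demo() {
  const stored = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
  return {
    sameString: constantTimeEquals(stored, stored),
    stringVsBuffer: constantTimeEquals(stored, Buffer.from(stored)),
    shorterInput: constantTimeEquals(stored, stored.slice(0, 8)),
    sameCharsDifferentBytes: constantTimeEquals('é', 'e'),
    sameBytesDifferentChars: constantTimeEquals('é', 'ab'),
  };
}

console.log(demo());
```

Argument order matters here as it does in the NOTE: the value to protect goes first, because on a length mismatch only the first argument is walked.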
Contributing
Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE report it.
Authors
- Simone Primarosa - GitHub (@simonepri) • Twitter (@simoneprimarosa)
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the license file for details.